Learning Paths

Blue Team Tools

  • Number of Courses18 courses
  • Duration9 hours

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. With the addition of MITRE Shield, you now have a 360 degree view of attack scenarios and the data and capabilities needed to stop them.

Further details on the MITRE Shield framework can be found at https://shield.mitre.org/

Further details on the MITRE ATT&CK® framework can be found at https://attack.mitre.org/

Our blue team tooling courses focus on the use of a specific industry-standard, open source tool to protect, detect, and respond against targeted threat actor techniques in an enterprise environment. Knowing what a tool is and how it can be integrated into your overall enterprise security strategy will ultimately lend to your ability as an organization or an individual to defend against specific adversary activity.

Courses in this path

Introduction

The first course in this series discusses the use of open source, blue team tools to fill the gaps in your enterprise security, in turn, enable your information security organization to evolve their capabilities as fast as the threat actors you are defending against.

Network Analysis

In this section, you will learn about the tools associated with network analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Infrastructure Analysis

In this section, you will learn about the tools associated with infrastructure analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

File Analysis

In this section, you will learn about the tools associated with file analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Application Analysis

In this section, you will learn about the tools associated with application analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Incident Management

In this section, you will learn about the tools associated with incident management to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Join our learners and upskill
in leading technologies